Elex Wordpress Helpdesk Customer Ticketing System
Monthly
SQL injection in the ELEX WordPress HelpDesk & Customer Ticketing System plugin (versions <= 3.3.6) allows authenticated users with low-privilege Subscriber accounts to inject arbitrary SQL into backend database queries. Successful exploitation results in high confidentiality impact with a scope change, enabling access to data beyond the plugin's own tables, plus limited availability impact. No public exploit identified at time of analysis, but the disclosure originates from Patchstack's WordPress plugin vulnerability program.
SQL injection in the ELEX WordPress HelpDesk & Customer Ticketing System plugin (versions <= 3.3.6) allows authenticated users with low-privilege Subscriber accounts to inject arbitrary SQL into backend database queries. Successful exploitation results in high confidentiality impact with a scope change, enabling access to data beyond the plugin's own tables, plus limited availability impact. No public exploit identified at time of analysis, but the disclosure originates from Patchstack's WordPress plugin vulnerability program.